Breaking the Monolith: best practices to containerize your app

Following simple patterns of good application design can allow you to scale your application for your customers easily. We'll dive into the 12 factor application design and show how this applies to containers and deployments on Amazon ECS and Fargate. We'll take a look at tooling that can be used to simplify your workflow and help you adopt best practices to manage containers at scale in the cloud.

Transcript

  1. © 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.

    SUMMIT. Breaking the Monolith: Best Practices to run containers in the cloud (MAP004). Sébastien Stormacq | @sebsto, Technical Evangelist, AWS EMEA. Akos Veres | @puck, Operability Engineer, Equal Experts.
  3. The 12 factor application

    I. Codebase: One codebase w/ revision control, many deploys
    II. Dependencies: Explicitly declare and isolate dependencies
    III. Config: Store config in the environment
    IV. Backing services: Treat backing services as attached resources
    V. Build, release, run: Strictly separate build and run stages
    VI. Processes: Execute the app as one or more stateless processes
    VII. Port binding: Export services via port binding
    VIII. Concurrency: Scale out via the process model
    IX. Disposability: Fast startup and graceful shutdown
    X. Dev/prod parity: Keep environments as similar as possible
    XI. Logs: Treat logs as event streams
    XII. Admin processes: Run admin/management tasks as one-off processes
  4. You know what’s great for a 12 factor app?
  6. RUNNING A SINGLE CONTAINER
  7. RUNNING CONTAINERS (diagram: five EC2 instances, each running four tasks)
  8. RUNNING CONTAINERS AT SCALE WITH ECS (diagram: Availability Zone #1, Availability Zone #2, Availability Zone #3; Scheduling and Orchestration: Cluster Manager, Placement Engine)
  9. (diagram: one EC2 instance with the ECS AMI, Docker agent and ECS agent, running four ECS tasks)
  10. (diagram: three EC2 instances, each with the ECS AMI, Docker agent and ECS agent; Scheduling and Orchestration: Cluster Manager, Placement Engine)
  11. “Just launch 10 copies of my container distributed across three availability zones and connect them to this load balancer” (X 10)
  12. One codebase tracked in revision control, many deploys
  13. (diagram: Staging / QA, Production, Dev #1, Dev #2)
  14. Explicitly declare and isolate dependencies
  15. (diagram: Dependencies, Binaries, Code)
  16. Store config in the environment
  17. AWS Secrets Manager & Task Definitions

        {
          "containerDefinitions": [
            {
              "secrets": [
                {
                  "name": "environment_variable_name",
                  "valueFrom": "arn_of_your_secret"
                }
              ]
            }
          ]
        }
  18. Treat backing services as attached resources
  19. Use CNAMEs for maximum flexibility and easy reconfiguration (diagram labels: PostgreSQL, app1, app2, Load balancer; postgres.mycompany.com, app2.mycompany.com)
  20. Strictly separate build and run stages
  21. CodeDeploy-ECS appspec

        version: 1.0
        Resources:
          - TargetService:
              Type: AWS::ECS::Service
              Properties:
                - TaskDefinition: "my_task_definition:8"
                  LoadBalancerInfos:
                    - ContainerName: "SampleApp"
                      ContainerPort: 80
        Hooks:
          - BeforeInstall: "LambdaFunctionToExecuteAnythingBeforeNewRevisionInstallation"
          - AfterInstall: "LambdaFunctionToExecuteAnythingAfterNewRevisionInstallation"
          - AfterAllowTestTraffic: "LambdaFunctionToValidateAfterTestTrafficShift"
          - BeforeAllowTraffic: "LambdaFunctionToValidateBeforeTrafficShift"
          - AfterAllowTraffic: "LambdaFunctionToValidateAfterTrafficShift"
  22. CodeDeploy-ECS blue-green deployment: 100% Prod traffic
  23. CodeDeploy-ECS blue-green deployment: Target group 2; 100% Prod traffic; Test traffic listener (port 9000)
  24. CodeDeploy-ECS blue-green deployment: Provision green tasks (Green tasks: v2 code; 100% Prod traffic)
  25. CodeDeploy-ECS blue-green deployment: Run hook against test endpoint before green tasks receive prod traffic (100% Test traffic; 100% Prod traffic)
  26. CodeDeploy-ECS blue-green deployment: Flip traffic to green tasks, rollback in case of alarm (100% Prod traffic; 0% Prod traffic)
  27. CodeDeploy-ECS blue-green deployment: Drain blue tasks (100% Prod traffic)
  28. Container image tagging for deployments

    • Docker tags are resolved when each container starts, not just during deployments
    • Deploying “latest” or “prod” can result in untested code in production after a scale-out event
    • Use unique “immutable” tags for deployments
  29. Container image tagging for deployments
  30. Container image tagging for deployments: Build pushes new “latest” image. Image: sha256@22222... (“latest”)
  31. Container image tagging for deployments: Service scales up, launching new tasks. Image: sha256@22222... (“latest”)
  32. Container image tagging for deployments: Deploy using immutable tags

    SHA256 Digest:

        {
          "name": "sample-app",
          "image": "amazon/amazon-ecs-sample@sha256:3e39d933b1d948c92309bb583b5a1f3d28f0119e1551ca1fe538ba414a41af48d"
        }

    Build ID:

        {
          "name": "sample-app",
          "image": "amazon/amazon-ecs-sample:build-b2085490-359f-4eaf-8970-6d1e26c354f0"
        }
  33. Container image tagging for deployments: Compute immutable tags during build

    SHA256 Digest:

        export IMAGE_URI=`docker inspect --format='{{index .RepoDigests 0}}' my_image:$IMAGE_TAG`

    Example Result: amazon/amazon-ecs-sample@sha256:3e39d933b...

    Build ID:

        export IMAGE_TAG=build-`echo $CODEBUILD_BUILD_ID | awk -F":" '{print $2}'`

    Example Result: build-b2085490-359f-4eaf-8970-6d1e26c354f0
  34. Container image tagging for deployments
  35. Container image tagging for deployments: Build pushes new image tagged with new build ID. Image: sha256@22222... (“build-22222”)
  36. Container image tagging for deployments: Service scales up, launching new tasks. Image: sha256@22222... (“build-22222”)
  37. Container image tagging for deployments: Deployment updates service’s task definition, replacing tasks. Image: “build-22222” tag. Image: sha256@22222... (“build-22222”)
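
The tag-resolution risk from the image tagging slides, as an added example that is not part of the deck: a Python check that walks a task definition's `containerDefinitions` and reports every image not pinned by SHA256 digest or by a build-ID tag of the shape shown on the slides. The function names, the extra entries in `MUTABLE_TAGS` beyond "latest" and "prod", and the sample task definition are assumptions constructed for illustration.

```python
import re

# "latest" and "prod" are the tags named on the slides; the others are assumed.
MUTABLE_TAGS = {"latest", "prod", "stable", "staging", "dev"}
DIGEST_RE = re.compile(r"^sha256:[0-9a-f]{64}$")
# Build-ID tag in the shape the deck derives from CODEBUILD_BUILD_ID.
BUILD_TAG_RE = re.compile(r"^build-[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}$")


def classify_image(ref):
    """Return 'digest', 'build-id', 'mutable' or 'unverified' for an image reference."""
    if "@" in ref:
        digest = ref.split("@", 1)[1]
        return "digest" if DIGEST_RE.match(digest) else "unverified"
    # Only a colon after the last slash is a tag; earlier ones are registry ports.
    name = ref.rsplit("/", 1)[-1]
    tag = name.split(":", 1)[1] if ":" in name else "latest"  # Docker default
    if tag in MUTABLE_TAGS:
        return "mutable"
    return "build-id" if BUILD_TAG_RE.match(tag) else "unverified"


def audit_task_definition(task_def):
    """List (name, image, verdict) for each container whose image is not pinned."""
    findings = []
    for container in task_def.get("containerDefinitions", []):
        image = container.get("image", "")
        verdict = classify_image(image)
        if verdict not in ("digest", "build-id"):
            findings.append((container.get("name"), image, verdict))
    return findings


# Constructed sample task definition (not from the deck); the digest is made up.
SAMPLE_TASK_DEF = {
    "containerDefinitions": [
        {"name": "web", "image": "amazon/amazon-ecs-sample:latest"},
        {"name": "api", "image": "registry.example.com:5000/team/api"},
        {"name": "cron", "image": "registry.example.com:5000/team/cron:v2"},
        {"name": "worker", "image": "amazon/amazon-ecs-sample:"
                                    "build-b2085490-359f-4eaf-8970-6d1e26c354f0"},
        {"name": "pinned", "image": "amazon/amazon-ecs-sample@sha256:" + "ab" * 32},
    ]
}

if __name__ == "__main__":
    for name, image, verdict in audit_task_definition(SAMPLE_TASK_DEF):
        print(f"{verdict:10} {name:8} {image}")
```

A digest is content-addressed, so it cannot be re-pointed; a build-ID tag is immutable only as long as nothing pushes over it, which is why the check reports the two verdicts separately.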
  38. SUMMIT. A journey to Infrastructure Automation. Akos Veres | @puck, Operability Engineer, Equal Experts
  39. Who we are

    Founded in 2007 to challenge the traditional consulting model, we are now 1000+ expert consultants delivering custom software and helping with digital transformation for our clients – globally. The information contained in this document is confidential and proprietary. Copyright © Equal Experts. All rights reserved.
  40. Locations

    • UK: London, Manchester, Leeds
    • Canada: Calgary
    • India: Pune, Bengaluru
    • Australia/NZ: Sydney/Auckland
    • Portugal: Lisbon
    • USA: New York
    • Germany: Berlin
    • South Africa: Cape Town, Johannesburg
  41. Pros and Cons of Current Implementation

    Cons:
    • Manual Tasks
    • Manual Tests
    • Test Environment Only

    Pros:
    • Gaining confidence in tools and processes
    • Some level of automation
    • Starting somewhere
  42. Learnings from the journey

    • Team sport
    • Start with anything
    • Development environment for infra
    • Be ready to change solution
    • ~2 days from 1.10 to 1.13 using “The Bash”™ script
    • Backup & Roll-back solution
    • Strategy > Tools
  43. Simple solutions to big business problems.

    Contact - South Africa: Cape Town, +27 21 680 5252, [email protected], Equal Experts SA (PTY) Ltd, Unit A073, 3rd Floor West Wing, The Palms, Woodstock, Cape Town
  44. Execute the app as one or more stateless processes
  45. Stateful container stores state in local disk or local memory. Workload ends up tied to a specific host that has state data. (diagram labels: eu-west-1a, eu-west-1b, eu-west-1c, Container 1, Disk)
  46. Stateful data

    Use services:
    • Amazon RDS
    • Amazon DynamoDB
    • Amazon ElastiCache
    • Amazon Elasticsearch
    • Amazon S3
    • ……
  47. Export services via port binding
  48. (diagram labels: Port 32768, Port 33487, Port 32192, Port 32794, Port 32781; Match: /api/users*, Match: /api/auth*)
  49. Keep development, staging, and production as similar as possible
  50. (diagram: Dev #1, Dev #2, Staging / QA, Production)
  51. (diagram: Staging / QA, Production, Dev #1, Dev #2; Local, Application, Remote)
  52. Model container environments with AWS Cloud Development Kit (CDK), Developer Preview

    • Open source framework to define cloud infrastructure in TypeScript, Java, C#, …
    • Provides library of higher-level resource types (“construct” classes) that have AWS best practices built in by default, packaged as npm modules
    • Provisions resources with CloudFormation
    • Supports all CloudFormation resource types

    AWS CDK: https://awslabs.github.io/aws-cdk
  53. CDK template

        import ec2 = require('@aws-cdk/aws-ec2');
        import ecs = require('@aws-cdk/aws-ecs');
        import cdk = require('@aws-cdk/cdk');

        class BonjourFargate extends cdk.Stack {
          constructor(parent: cdk.App, name: string, props?: cdk.StackProps) {
            super(parent, name, props);

            const vpc = new ec2.VpcNetwork(this, 'MyVpc', { maxAZs: 2 });
            const cluster = new ecs.Cluster(this, 'Cluster', { vpc });
            new ecs.LoadBalancedFargateService(this, "FargateService", {
              cluster,
              image: ecs.DockerHub.image("amazon/amazon-ecs-sample"),
            });
          }
        }

        const app = new cdk.App();
        new BonjourFargate(app, 'Bonjour');
        app.run();
  56. Treat logs as event streams
  57. CLOUDWATCH LOGS CONFIGURATION

        {
          "containerDefinitions": [
            {
              "name": "scorekeep-api",
              ...
              "logConfiguration": {
                "logDriver": "awslogs",
                "options": {
                  "awslogs-group": "scorekeep",
                  "awslogs-region": "us-east-1",
                  "awslogs-stream-prefix": "scorekeep/api"
                }
              }
            }
          ]
        }
  58. CLOUDWATCH LOGS: Logs Tab in the Task Detail Page. View logs in the ECS or CloudWatch Console
  59. Thank you! Sébastien Stormacq | @sebsto, Technical Evangelist, AWS EMEA. Akos Veres | @puck, Operability Engineer, Equal Experts